
Abstract:

A method includes receiving at a first computer a new certificate which is
to replace an old certificate associated with the first computer and
associating by the first computer the new certificate with the first
computer. In response to the first computer associating the new
certificate with the first computer, the first computer accesses an email
address book of the first computer having information identifying a
second computer as having received the old certificate to determine from
the information that the second computer is to associate the new
certificate in place of the old certificate with the first computer. In
turn, the first computer transmits the new certificate to the second
computer for the second computer to associate the new certificate with
the first computer.

Claims:

1. A method comprising:
receiving at a first computer a new certificate which is to replace an old
certificate associated with the first computer, wherein a given certificate
enables communication between the first computer and a second computer when
the given certificate is associated by both computers with the first
computer, wherein the first computer has an email address book having
information identifying the second computer as having received the old
certificate;
associating by the first computer the new certificate in place of the old
certificate with the first computer;
in response to the first computer associating the new certificate in place
of the old certificate with the first computer, accessing by the first
computer the email address book to determine from the information
identifying the second computer that the second computer is to associate
the new certificate in place of the old certificate with the first
computer; and
in response to the first computer determining that the second computer is
to associate the new certificate in place of the old certificate with the
first computer, transmitting the new certificate from the first computer to
the second computer for the second computer to associate the new
certificate in place of the old certificate with the first computer.

2. The method of claim 1 further comprising:
determining by the first computer that the new certificate is to replace
the old certificate associated with the first computer.

3. The method of claim 1 further comprising:
determining by the first computer that the new certificate is to replace
the old certificate associated with the first computer;
generating by the first computer a request for the new certificate upon the
first computer determining that the new certificate is to replace the old
certificate associated with the first computer; and
transmitting the request from the first computer to a certificate issuer;
wherein receiving at the first computer the new certificate includes
receiving at the first computer the new certificate from the certificate
issuer in response to the request.

4. The method of claim 3 wherein:
transmitting the new certificate from the first computer to the second
computer includes transmitting the new certificate from the first computer
directly to the second computer along a communication path independent of
the certificate issuer.

5. The method of claim 1 wherein:
transmitting the new certificate from the first computer to the second
computer includes using at least one of electronic mail and handshaking.

6. The method of claim 1 wherein: each certificate is a digital
certificate.

7. The method of claim 1 wherein: each certificate includes a public key.

8. The method of claim 1 wherein: each certificate includes a private key.

9. The method of claim 1 wherein:
the email address book of the first computer is part of an electronic mail
application program of the first computer, wherein the electronic mail
application program is electronically coupled to the second computer.

10. The method of claim 1 wherein:
the second computer includes an application program electronically coupled
to the first computer, wherein the application program archives the new
certificate upon the second computer receiving the new certificate.

11. A method comprising:
receiving, at an update engine in communication with a first computer, a
new certificate which is to replace an old certificate associated with the
first computer, wherein a given certificate enables communication between
the first computer and a second computer when the given certificate is
associated by both computers with the first computer, wherein the first
computer has an email address book having information identifying the
second computer as having received the old certificate;
transmitting by the update engine the new certificate to the first computer
for the first computer to associate the new certificate in place of the old
certificate with the first computer;
in response to the update engine receiving the new certificate, accessing
by the update engine the email address book to determine from the
information identifying the second computer that the second computer is to
associate the new certificate in place of the old certificate with the
first computer; and
in response to the update engine determining that the second computer is to
associate the new certificate in place of the old certificate with the
first computer, transmitting the new certificate from the update engine to
the second computer for the second computer to associate the new
certificate in place of the old certificate with the first computer.

12. The method of claim 11 further comprising:
determining by the update engine that the new certificate is to replace the
old certificate associated with the first computer;
generating by the update engine a request for the new certificate upon the
update engine determining that the new certificate is to replace the old
certificate associated with the first computer; and
transmitting the request from the update engine to a certificate issuer;
wherein receiving at the update engine the new certificate includes
receiving at the update engine the new certificate from the certificate
issuer in response to the request.

13. The method of claim 12 wherein:
transmitting the new certificate from the update engine to the second
computer includes transmitting the new certificate from the update engine
directly to the second computer along a communication path independent of
the certificate issuer.

14. The method of claim 11 wherein: each certificate is a digital
certificate.

15. The method of claim 11 wherein: each certificate includes at least one
of a public key and a private key.

16. A method comprising:
generating at a certificate issuer a new certificate which is to replace an
old certificate associated with the first computer, wherein a given
certificate enables communication between the first computer and a second
computer when the given certificate is associated by both computers with
the first computer, wherein the certificate issuer has information
identifying the second computer as having received the old certificate;
transmitting by the certificate issuer the new certificate to the first
computer for the first computer to associate the new certificate in place
of the old certificate with the first computer;
in response to the certificate issuer transmitting the new certificate to
the first computer, accessing by the certificate issuer the information
identifying the second computer to determine that the second computer is to
associate the new certificate in place of the old certificate with the
first computer; and
in response to the certificate issuer determining that the second computer
is to associate the new certificate in place of the old certificate with
the first computer, transmitting the new certificate from the certificate
issuer to the second computer for the second computer to associate the new
certificate in place of the old certificate with the first computer.

17. The method of claim 16 further comprising:
determining by the certificate issuer that the new certificate is to
replace the old certificate associated with the first computer prior to the
certificate issuer generating the new certificate.

18. The method of claim 16 further comprising:
receiving by the certificate issuer a request from the first computer for
the new certificate prior to the certificate issuer generating the new
certificate.

19. The method of claim 16 wherein: each certificate is a digital
certificate.

20. The method of claim 16 wherein: each certificate includes at least one
of a public key and a private key.

Description:

CROSS-REFERENCE TO RELATED APPLICATIONS

[0001]This is a continuation of U.S. application Ser. No. 11/176,612,
filed Jul. 7, 2005, now U.S. Pat. No. ______, which is hereby
incorporated by reference in its entirety.

[0005]Transaction tools are instruments issued by a third party (i.e.,
transaction tool issuer) to facilitate transactions between a holder
(i.e., transaction tool holder) and a recipient by "vouching" for a
holder's identity and/or trustworthiness. Accordingly, transaction tools
are used to authenticate the identity and/or trustworthiness of a holder.

[0006]Transaction tools may be managed for issuers and holders by
management systems. As an example, for an issuer of credit cards, a
management system may facilitate day-to-day transactions by verifying
credit availability. Additionally, for an issuer of digital certificates,
a management system may facilitate day-to-day transactions by
authenticating the validity of a digital certificate. Furthermore, from a
holder standpoint, a corporation may use a management system to manage
digital certificates installed by employees on computers in the
corporation's network. While transaction tool management systems
generally facilitate day-to-day use of transaction tools, such systems do
not manage the promulgation of a new and/or updated transaction tool.
Accordingly, the holder of the transaction tool (i.e., the person and/or
entity to which the transaction tool is initially issued) must manually
notify recipients of the new and/or updated transaction tool if the
holder desires to engage in future transactions with the recipient.

BRIEF DESCRIPTION OF THE DRAWINGS

[0007]FIG. 1 illustrates a block diagram of a system for promulgating a
transaction tool to a recipient in accordance with one non-limiting
aspect of the present disclosure;

[0008]FIG. 2 illustrates a block diagram of a system for promulgating a
transaction tool to a recipient in accordance with another non-limiting
aspect of the present disclosure;

[0009]FIG. 3 illustrates a block diagram of a system for promulgating a
transaction tool to a recipient in accordance with yet another
non-limiting aspect of the present disclosure;

[0010]FIG. 4 illustrates a flow diagram of a method of promulgating a
transaction tool to a recipient in accordance with one non-limiting
aspect of the present disclosure; and

[0011]FIG. 5 illustrates a flow diagram of a method of promulgating a
transaction tool to a recipient in accordance with another non-limiting
aspect of the present disclosure.

DETAILED DESCRIPTION

[0012]The present disclosure discloses an embodiment of a method which
includes receiving at a first computer a new certificate which is to
replace an old certificate associated with the first computer. A given
certificate enables communication between the first computer and a second
computer when the given certificate is associated by both computers with
the first computer. The first computer has an email address book having
information identifying the second computer as having received the old
certificate. The method further includes associating by the first
computer the new certificate in place of the old certificate with the
first computer. In response to the first computer associating the new
certificate in place of the old certificate with the first computer, the
first computer accesses the email address book to determine from the
information identifying the second computer that the second computer is
to associate the new certificate in place of the old certificate with the
first computer. In response to the first computer determining that the
second computer is to associate the new certificate in place of the old
certificate with the first computer, the first computer transmits the new
certificate to the second computer for the second computer to associate
the new certificate in place of the old certificate with the first
computer.

[0013]The present disclosure discloses another embodiment of a method
which includes receiving, at an update engine in communication with a
first computer, a new certificate which is to replace an old certificate
associated with the first computer. A given certificate enables
communication between the first computer and a second computer when the
given certificate is associated by both computers with the first
computer. The first computer has an email address book having information
identifying the second computer as having received the old certificate.
The method further includes the update engine transmitting the new
certificate to the first computer for the first computer to associate the
new certificate in place of the old certificate with the first computer.
In response to the update engine receiving the new certificate, the
update engine accesses the email address book to determine from the
information identifying the second computer that the second computer is
to associate the new certificate in place of the old certificate with the
first computer. In response to the update engine determining that the
second computer is to associate the new certificate in place of the old
certificate with the first computer, the update engine transmits the new
certificate to the second computer for the second computer to associate
the new certificate in place of the old certificate with the first
computer.

[0014]The present disclosure discloses another embodiment of a method
which includes generating at a certificate issuer a new certificate which
is to replace an old certificate associated with the first computer. A
given certificate enables communication between the first computer and a
second computer when the given certificate is associated by both
computers with the first computer. The certificate issuer has information
identifying the second computer as having received the old certificate.
The method further includes the certificate issuer transmitting the new
certificate to the first computer for the first computer to associate the
new certificate in place of the old certificate with the first computer.
In response to the certificate issuer transmitting the new certificate to
the first computer, the certificate issuer accesses the information
identifying the second computer to determine that the second computer is
to associate the new certificate in place of the old certificate with the
first computer. In response to the certificate issuer determining that
the second computer is to associate the new certificate in place of the
old certificate with the first computer, the certificate issuer transmits
the new certificate from the certificate issuer to the second computer
for the second computer to associate the new certificate in place of the
old certificate with the first computer.

[0015]In view of the foregoing, one or more embodiments of the present
disclosure may provide one or more of the following advantages: decrease
the amount of human intervention required to acquire and/or update (i.e.,
renew, revoke, etc.) a transaction tool, increase transaction efficiency,
and/or reduce transaction failures resulting from missing and/or outdated
transaction tools.

[0016]Referring to FIG. 1, a block diagram of a system 100 for
promulgating a transaction tool to a recipient in accordance with one
non-limiting aspect of the present disclosure is shown. System 100,
generally comprises a transaction tool issuer 102, a transaction tool
holder 104, and a recipient device 106. Transaction tool issuer (i.e.,
issuer) 102 is generally electronically coupled to transaction tool
holder (i.e., holder) 104 such that electronic signals (e.g.,
communication signals) may be bi-directionally transferred between issuer
102 and holder 104. Similarly, transaction tool holder 104 is generally
electronically coupled to at least one recipient (i.e., recipient device)
106 such that electronic signals may be bi-directionally transferred
between holder 104 and each recipient 106.

[0017]In at least one embodiment of the present disclosure, transaction
tool issuer 102 is a computer or other electronic device which executes
software application programs and/or which performs other logical
exercises. However, transaction tool issuer 102 may include any type of
unit or entity which can generate and/or modify a transaction tool.

[0019]In one exemplary embodiment, transaction tool issuer 102 is
associated with an issuer of digital certificates and the Transaction
Tool Update signal may comprise a new and/or updated public key. In
another exemplary embodiment, transaction tool issuer 102 is associated
with an issuer of digital certificates and the Transaction Tool Update
signal may comprise a new and/or updated private key. In yet another
exemplary embodiment, transaction tool issuer 102 is associated with a
financial institution and the Transaction Tool Update signal may comprise
new and/or updated credit card information (e.g., credit card number,
expiration date, and the like). In still yet another exemplary
embodiment, transaction tool issuer 102 is associated with a financial
institution and the Transaction Tool Update signal may comprise new
and/or updated debit card information (e.g., debit card number,
expiration date, and the like). However, transaction tool issuer 102 may
be associated with any business, organization, individual, and/or other
entity which performs the function of issuing and/or maintaining a
transaction tool. Similarly, the Transaction Tool Update signal may
comprise any appropriate transaction tool information (i.e., data) to
meet the design criteria of a particular application.

[0020]Transaction tool holder 104 is generally a computer or other
electronic device which executes software application programs and/or
which performs other logical exercises.

[0021]In at least one embodiment of the present disclosure, transaction
tool holder 104 is electronically coupled to an update engine 110. For
example, in one non-limiting embodiment, update engine 110 is physically
integrated into transaction tool holder 104. In another non-limiting
embodiment, update engine 110 is physically remote from transaction tool
holder 104. In general, update engine 110 may be physically located in
any appropriate location to meet the design criteria of a particular
application.

[0022]Update engine 110 generally manages the acquisition and maintenance
(i.e., updating, renewal, etc.) of a transaction tool associated with
transaction tool holder 104. Update engine 110 may be implemented as any
suitable logical device to meet the design criteria of a particular
application, such as software (e.g., an application program executable by
transaction tool holder 104), firmware, hardware (e.g., an Application
Specific Integrated Circuit), or a combination thereof.

[0023]In one exemplary embodiment, update engine 110 determines that a
transaction tool associated with transaction tool holder 104 is set to
expire within a predetermined period of time (i.e., the predetermined
expiration date of the transaction tool falls within a predetermined
renewal window). In response to the pending expiration of the associated
transaction tool, update engine 110 may generate a request for an updated
transaction tool (i.e., a Transaction Tool Operation Request signal),
present the request to transaction tool issuer 102, and receive a
Transaction Tool Update signal from transaction tool issuer 102 in
response to the request.

[0024]In another exemplary embodiment, update engine 110 determines that a
new transaction tool is required for transaction tool holder 104. Update
engine 110 may determine that a new transaction tool is required in
response to any appropriate trigger to meet the design criteria of a
particular application, such as a user request, a signal from a
transaction tool management system, and the like. Accordingly, update
engine 110 may generate a request for a new transaction tool (i.e., a
Transaction Tool Operation Request signal), present the request to
transaction tool issuer 102, and receive a Transaction Tool Update signal
from transaction tool issuer 102 in response to the request.

[0025]Update engine 110 may also determine (i.e., identify, select, etc.)
one or more recipient devices 106 (i.e., recipients), such as a computer
in electronic communication with transaction tool holder 104, to receive
the new and/or updated Transaction Tool. In one exemplary embodiment,
recipients 106 are selected based at least in part on a contact list 114
(e.g., an electronic mail address book) electronically coupled to update
engine 110. In another exemplary embodiment, update engine 110 is
electronically coupled to a transaction log 112 and update engine 110
selects recipients 106 based at least in part on transaction log 112. In
the exemplary embodiment having transaction log 112, transaction log 112
may comprise device identification information for at least one device
that has received a transaction tool related to transaction tool holder
104. As will be appreciated by one of ordinary skill in the art, the
present disclosure transcends any particular criteria used to determine
recipients 106 and the embodiments discussed are exemplary and
non-limiting.

[0027]In at least one embodiment of the present disclosure, update engine
110 may publish the new and/or updated credential to a recipient 106
using a handshaking routine performed during a transaction between
recipient 106 and update engine 110 and/or transaction tool holder 104.
The new and/or updated credential may be signed so that recipient 106 can
confirm the credential is authentic before associating it with transaction
tool holder 104 in place of the old credential.

[0028]Referring to FIG. 2, a block diagram of a system 200 for
promulgating a transaction tool to a recipient in accordance with another
non-limiting aspect of the present disclosure is shown. System 200 may be
implemented similarly to system 100 with the exception that recipient 106
is a software application program (i.e., application program). In the
non-limiting embodiment shown in FIG. 2, the application program resides
on transaction tool holder 104. However, the application program may be
resident on any appropriate device in electronic communication (i.e.,
electronically coupled) with update engine 110 to meet the design
criteria of a particular application.

[0029]In at least one non-limiting embodiment of the present disclosure,
the transaction tool is a public key certificate and/or the corresponding
private key used to encrypt and decrypt data, the application program is
an electronic mail application, and the application program archives the
transaction tool update (rather than discarding it once it is replaced) so
that data (e.g., electronic messages) encrypted using the transaction tool
update may still be deciphered after the predefined expiration date of the
transaction tool update has passed.

[0030]Referring to FIG. 3, a block diagram of a system 300 for
promulgating a transaction tool to a recipient in accordance with another
non-limiting aspect of the present disclosure is shown. System 300 may be
implemented similarly to system 100 with the exception that transaction
tool issuer 102' comprises an update engine 110' and transaction tool
issuer 102' is generally electronically coupled to recipient devices 106
such that electronic signals may be bi-directionally transferred between
transaction tool issuer 102' and each recipient 106.

[0032]In one exemplary embodiment, recipients 106 are selected based at
least in part on a contact list 114' (e.g., an electronic mail address
book) electronically coupled to update engine 110'. In another exemplary
embodiment, update engine 110' is electronically coupled to a transaction
log 112' and update engine 110' selects recipients 106 based at least in
part on transaction log 112'. In the exemplary embodiment having
transaction log 112', transaction log 112' may comprise device
identification information for at least one device that has received a
transaction tool related to transaction tool holder 104'. As will be
appreciated by one of ordinary skill in the art, the present disclosure
transcends any particular criteria used to determine recipients 106 and
the embodiments discussed are exemplary and non-limiting.

[0034]In at least one embodiment of the present disclosure, update engine
110' may publish the new and/or updated credential to a recipient 106
using a handshaking routine performed during a transaction between
recipient 106 and update engine 110' and/or transaction tool issuer 102'.
The new and/or updated credential may be signed so that recipient 106 can
confirm the credential is authentic before associating it with transaction
tool holder 104' in place of the old credential.

[0035]Referring to FIG. 4, a flow diagram 400 of a method of promulgating
a transaction tool to a recipient in accordance with one non-limiting
aspect of the present disclosure is shown. Method 400 may be
advantageously implemented in connection with system 100, described
previously in connection with FIG. 1, system 200, described previously in
connection with FIG. 2, and/or any appropriate system to meet the design
criteria of a particular application. Method 400 generally comprises a
plurality of blocks or steps (e.g., steps 402, 404, 406, 408, and 410)
that may be performed serially. As will be appreciated by one of ordinary
skill in the art, the steps of method 400 may be performed in at least
one non-serial (or non-sequential) order, and one or more steps may be
omitted to meet the design criteria of a particular application.

[0036]As illustrated in step 402, a Transaction Tool Operation Request
signal may be generated by an update engine (e.g., update engine 110). In
at least one embodiment of the present disclosure, the Transaction Tool
Operation Request signal is generated in response to a determination that
a transaction tool associated with a transaction tool holder (e.g.,
transaction tool holder 104) requires renewal and/or updating. In at
least one other embodiment of the present disclosure, the Transaction
Tool Operation Request signal may be generated in response to a user
and/or transaction tool management system requesting a new transaction
tool. However, the Transaction Tool Operation Request signal may be
generated in response to any appropriate trigger to meet the design
criteria of a particular application.

[0039]At step 408, the update engine may determine one or more recipient
devices (e.g., recipient 106). As previously discussed in connection with
systems 100 and 200, the recipient may be any electronic device and/or
application program in electronic communication (i.e., electronically
coupled) with the update engine. The update engine may determine a
recipient using any appropriate criteria to meet the design requirements
of a particular application.

[0040]At step 410, the update engine generally transmits the Transaction
Tool Update signal comprising the new and/or updated transaction tool to
the recipient devices. The update engine may transmit the Transaction
Tool Update signal to the recipient devices using any appropriate
communication link to meet the design criteria of a particular
application, such as the Internet (e.g., using electronic mail and/or
file transfer), satellite communication channels, dedicated communication
wires, and the like.

[0041]Referring to FIG. 5, a flow diagram 500 of a method of promulgating
a transaction tool to a recipient in accordance with another non-limiting
aspect of the present disclosure is shown. Method 500 may be
advantageously implemented in connection with system 300, described
previously in connection with FIG. 3, and/or any appropriate system to
meet the design criteria of a particular application. Method 500
generally comprises a plurality of blocks or steps (e.g., steps 502, 504,
506, and 508) that may be performed serially. As will be appreciated by
one of ordinary skill in the art, the steps of method 500 may be
performed in at least one non-serial (or non-sequential) order, and one
or more steps may be omitted to meet the design criteria of a particular
application.

[0044]At step 506, the update engine generally determines one or more
recipient devices (e.g., recipient 106). As previously discussed, the
recipient may be any electronic device and/or application program in
electronic communication (i.e., electronically coupled) with the update
engine. The update engine may determine a recipient using any appropriate
criteria to meet the design requirements of a particular application.

[0045]At step 508, the update engine generally transmits the Transaction
Tool Update signal comprising the new and/or updated transaction tool to
the recipient devices and/or the transaction tool holder. The update
engine may transmit the Transaction Tool Update signal to the recipient
devices and/or the transaction tool holder using any appropriate
communication link to meet the design criteria of a particular
application, such as the Internet (e.g., using electronic mail and/or
file transfer), satellite communication channels, dedicated communication
wires, and the like.
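Worked example (added here; it is not part of the application and not code from any product it describes): the holder-side flow of method 400, steps 402 through 410, together with the renewal trigger of [0023] and the recipient selection of [0025], written in Go against the standard library's crypto/x509. Issuer plays certificate issuer 102, UpdateEngine plays update engine 110 with its contact list 114, and Recipient plays recipient 106; method 500 is the same flow with UpdateEngine running at the issuer. The type and field names, the holder name "holder.example", the private Ed25519 CA and the 72-hour renewal window are all assumptions chosen for the example. It goes one step beyond the text in making explicit the check a recipient must perform before associating a pushed certificate: it verifies the issuer's signature ([0027]), confirms the certificate names the same holder, and refuses a certificate that does not outlive the one already held, so a stale certificate cannot be replayed to roll the recipient back; the superseded certificate is then archived rather than discarded (claim 10, [0029]).

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// sign has parent (tmpl itself for a self-signed root) certify tmpl for pub.
func sign(tmpl, parent *x509.Certificate, pub ed25519.PublicKey, key ed25519.PrivateKey) *x509.Certificate {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, key)
	if err != nil {
		panic(err) // only a malformed template gets here, which is a programming error
	}
	cert, _ := x509.ParseCertificate(der) // DER produced by CreateCertificate always parses
	return cert
}

// Issuer stands in for certificate issuer 102: a hypothetical private CA whose self-signed root every recipient trusts.
type Issuer struct {
	Cert *x509.Certificate
	key  ed25519.PrivateKey
}

func NewIssuer() *Issuer {
	pub, key, _ := ed25519.GenerateKey(rand.Reader) // crypto/rand does not fail on supported platforms
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Issuer CA"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(10 * 365 * 24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	return &Issuer{Cert: sign(tmpl, tmpl, pub, key), key: key}
}

// Issue answers a Transaction Tool Operation Request with the signed certificate (the
// Transaction Tool Update) that binds holder to pub for lifetime.
func (i *Issuer) Issue(holder string, pub ed25519.PublicKey, lifetime time.Duration) *x509.Certificate {
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), // a real CA uses random serials
		Subject: pkix.Name{CommonName: holder}, KeyUsage: x509.KeyUsageDigitalSignature,
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(lifetime)}
	return sign(tmpl, i.Cert, pub, i.key)
}

// Recipient models recipient 106 for one holder: the certificate it currently associates
// with that holder and the superseded ones it archives so old mail stays readable ([0029]).
type Recipient struct {
	Roots   *x509.CertPool
	Holder  string
	Current *x509.Certificate
	Archive []*x509.Certificate
}

// Accept is the recipient-side check the disclosure leaves implicit: a pushed certificate
// replaces the current one only if it chains to the trusted issuer, names the same holder,
// and outlives the one held, so a stale certificate cannot be replayed to roll back.
func (r *Recipient) Accept(c *x509.Certificate) error {
	if _, err := c.Verify(x509.VerifyOptions{Roots: r.Roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}); err != nil {
		return fmt.Errorf("%s: reject: %w", r.Holder, err)
	}
	if c.Subject.CommonName != r.Holder {
		return fmt.Errorf("%s: reject: certificate names %q", r.Holder, c.Subject.CommonName)
	}
	if r.Current != nil {
		if !c.NotAfter.After(r.Current.NotAfter) {
			return fmt.Errorf("%s: reject: not newer than the certificate already held", r.Holder)
		}
		r.Archive = append(r.Archive, r.Current)
	}
	r.Current = c
	return nil
}

// UpdateEngine models update engine 110: the holder's key and certificate plus the
// contact list (address book 114 / transaction log 112) of recipients to notify.
type UpdateEngine struct {
	Holder   string
	key      ed25519.PrivateKey
	Cert     *x509.Certificate
	Contacts []*Recipient
}

// NeedsRenewal reports whether the certificate expires within window ([0023]).
func (u *UpdateEngine) NeedsRenewal(now time.Time, window time.Duration) bool { return u.Cert == nil || !u.Cert.NotAfter.After(now.Add(window)) }

// Renew generates a fresh key pair, has the issuer certify it, installs the result, and
// pushes it to every contact (steps 402-410); it returns one error per contact that refused.
func (u *UpdateEngine) Renew(iss *Issuer, lifetime time.Duration) []error {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	u.key, u.Cert = key, iss.Issue(u.Holder, pub, lifetime)
	var refused []error
	for _, r := range u.Contacts {
		if err := r.Accept(u.Cert); err != nil {
			refused = append(refused, err)
		}
	}
	return refused
}
```

To exercise it, build an Issuer, give each Recipient a CertPool containing iss.Cert, and call Renew with a short lifetime; NeedsRenewal with a longer window then reports true, and a second Renew installs the longer-lived certificate at every contact while each contact moves the old one into its Archive. Pushing the old certificate again, a certificate from a different CA, or a certificate naming a different holder is refused and leaves the recipient's state unchanged. Note that Verify checks validity dates against the wall clock, so the "not newer" check is what stops a replay while the old certificate is still within its validity period; once it has expired, Verify alone rejects it.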

[0046]In accordance with various embodiments of the present disclosure,
the methods described herein are intended for operation as software
programs running on a computer processor. Dedicated hardware
implementations including, but not limited to, Application Specific
Integrated Circuits, programmable logic arrays and other hardware devices
can likewise be constructed to implement the methods described herein.
Furthermore, alternative software implementations including, but not
limited to, distributed processing or component/object distributed
processing, parallel processing, or virtual machine processing can also
be constructed to implement the methods described herein.

[0047]It should also be noted that the software implementations of the
present disclosure as described herein are optionally stored on a
tangible storage medium, such as: a magnetic medium such as a disk or
tape; a magneto-optical or optical medium such as a disk; or a solid
state medium such as a memory card or other package that houses one or
more read-only (non-volatile) memories, random access memories, or other
re-writable (volatile) memories. A digital file attachment to email or
other self-contained information archive or set of archives is considered
a distribution medium equivalent to a tangible storage medium.
Accordingly, the present disclosure is considered to include a tangible
storage medium or distribution medium, as listed herein and including
art-recognized equivalents and successor media, in which the software
implementations herein are stored.

[0048]While embodiments of the present disclosure have been illustrated
and described, it is not intended that these embodiments illustrate and
describe all possible forms of the present disclosure. Rather, the words
used in the specification are words of description rather than
limitation, and it is understood that various changes may be made without
departing from the spirit and scope of the present disclosure.